Reputation: 546
Okay, I'm very new to web programming. I'm creating my own database-driven website. I'm attempting to set up an admin login to update the site's content. I'm worried about accessing my MySQL database securely, however.
I intend to have the database search for the given username, and then compare the password hash to the hash of the given password.
My worry is in setting up the connection to the MySQL database.
From what I see, the way to do this is via:
<?php
// host, user, pass and dbName stand in for the real connection values
$myConn = mysqli_connect(host, user, pass, dbName);
?>
Now I intend to pass this to JavaScript to check all the credentials, but if this is defined in the HTML file, then the login details would be plain for all to see, yes?
Or should I define it in an external .js file that will do the checking? I'm still worried if that is safe enough?
Upvotes: 0
Views: 1818
Reputation: 3059
I think you are a bit confused there, so I will try to explain it very simply.
Front End - Client Side: HTML, CSS, JavaScript
Back End - Server Side: PHP, SQL
Everything on the Front End cannot be trusted, as it is accessible by everyone. Then why are we validating with JavaScript? Just to help users with typos, simple as that.
All your security is at the Back End. You validate with PHP all the values submitted from the Front End and then you perform the required actions on your Database with SQL.
You should never pass anything to JS that you don't want your users to see/access. You should do that via PHP.
Does this help you/clear the things a bit?
PS: from my understanding you are creating a login for your project right? Find below some links with tutorials step by step that might help you.
Upvotes: 3
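The server-side check described in this thread (look up the username, compare password hashes in PHP, send nothing secret to the browser), as an added example that is not part of the original posts. It assumes a hypothetical table `admins(username, password_hash)` filled using `password_hash()`, connection settings in the environment variables `DB_HOST`, `DB_USER`, `DB_PASS`, `DB_NAME`, and a hypothetical `/admin.php` page.

```php
<?php
// login.php: runs only on the server; the browser never receives this source,
// so the database credentials are never sent to the client.
// Assumed names (not from the thread): table admins(username, password_hash),
// environment variables DB_HOST, DB_USER, DB_PASS, DB_NAME, and /admin.php.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function check_login(mysqli $db, string $username, string $password): bool
{
    // Prepared statement: the submitted username is bound as data, never
    // concatenated into the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch() === true;
    $stmt->close();

    // For an unknown user, verify against a throwaway hash so both outcomes
    // take about the same time.
    if (!$found) {
        $hash = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    return password_verify($password, $hash) && $found;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    if (!is_string($username) || !is_string($password)) {
        http_response_code(400);
        exit;
    }

    $db = new mysqli((string) getenv('DB_HOST'), (string) getenv('DB_USER'),
                     (string) getenv('DB_PASS'), (string) getenv('DB_NAME'));

    if (check_login($db, $username, $password)) {
        session_start();
        session_regenerate_id(true); // new session ID after login
        $_SESSION['admin'] = $username;
        header('Location: /admin.php');
    } else {
        http_response_code(401);
        echo 'Invalid username or password.'; // same message for both failures
    }
}
```

The HTML form only posts `username` and `password` to this script; any JavaScript on the page is limited to convenience checks such as empty fields.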